Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-vmqe-m9cy-p7gp
Summarycri-o: capabilities are not dropped when switching to a non-root user
Aliases
0
alias CVE-2018-1000400
Fixed_packages
Affected_packages
0
url pkg:rpm/redhat/atomic-openshift@3.9.30-1.git.0.dec1ba7?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.9.30-1.git.0.dec1ba7?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dpht-br2m-zqfs
1
vulnerability VCID-vmqe-m9cy-p7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.9.30-1.git.0.dec1ba7%3Farch=el7
1
url pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.30-1.git.349.8b7912c?arch=el7
purl pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.30-1.git.349.8b7912c?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dpht-br2m-zqfs
1
vulnerability VCID-vmqe-m9cy-p7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.30-1.git.349.8b7912c%3Farch=el7
2
url pkg:rpm/redhat/atomic-openshift-web-console@3.9.30-1.git.245.4a3aade?arch=el7
purl pkg:rpm/redhat/atomic-openshift-web-console@3.9.30-1.git.245.4a3aade?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dpht-br2m-zqfs
1
vulnerability VCID-vmqe-m9cy-p7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-web-console@3.9.30-1.git.245.4a3aade%3Farch=el7
3
url pkg:rpm/redhat/cri-o@1.9.12-1.gitfa11beb?arch=el7
purl pkg:rpm/redhat/cri-o@1.9.12-1.gitfa11beb?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dpht-br2m-zqfs
1
vulnerability VCID-vmqe-m9cy-p7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.9.12-1.gitfa11beb%3Farch=el7
4
url pkg:rpm/redhat/cri-tools@1.0.0-5.rhaos3.9.git8e6013a?arch=el7
purl pkg:rpm/redhat/cri-tools@1.0.0-5.rhaos3.9.git8e6013a?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dpht-br2m-zqfs
1
vulnerability VCID-vmqe-m9cy-p7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-tools@1.0.0-5.rhaos3.9.git8e6013a%3Farch=el7
5
url pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.30-1.git.890.7ea5173?arch=el7
purl pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.30-1.git.890.7ea5173?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dpht-br2m-zqfs
1
vulnerability VCID-vmqe-m9cy-p7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.30-1.git.890.7ea5173%3Farch=el7
6
url pkg:rpm/redhat/openshift-ansible@3.9.30-1.git.7.46f8678?arch=el7
purl pkg:rpm/redhat/openshift-ansible@3.9.30-1.git.7.46f8678?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dpht-br2m-zqfs
1
vulnerability VCID-vmqe-m9cy-p7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.9.30-1.git.7.46f8678%3Farch=el7
7
url pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch@1.16.1-1?arch=el7
purl pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch@1.16.1-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dpht-br2m-zqfs
1
vulnerability VCID-vmqe-m9cy-p7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-fluent-plugin-elasticsearch@1.16.1-1%3Farch=el7
8
url pkg:rpm/redhat/rubygem-fluent-plugin-kubernetes_metadata_filter@1.0.3-1?arch=el7
purl pkg:rpm/redhat/rubygem-fluent-plugin-kubernetes_metadata_filter@1.0.3-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dpht-br2m-zqfs
1
vulnerability VCID-u9ph-5sbd-mfgp
2
vulnerability VCID-vmqe-m9cy-p7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-fluent-plugin-kubernetes_metadata_filter@1.0.3-1%3Farch=el7
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000400.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000400.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000400
reference_id
reference_type
scores
0
value 0.00879
scoring_system epss
scoring_elements 0.75289
published_at 2026-04-01T12:55:00Z
1
value 0.00879
scoring_system epss
scoring_elements 0.75414
published_at 2026-04-24T12:55:00Z
2
value 0.00879
scoring_system epss
scoring_elements 0.75389
published_at 2026-04-18T12:55:00Z
3
value 0.00879
scoring_system epss
scoring_elements 0.7538
published_at 2026-04-21T12:55:00Z
4
value 0.00879
scoring_system epss
scoring_elements 0.75292
published_at 2026-04-02T12:55:00Z
5
value 0.00879
scoring_system epss
scoring_elements 0.75324
published_at 2026-04-04T12:55:00Z
6
value 0.00879
scoring_system epss
scoring_elements 0.75302
published_at 2026-04-07T12:55:00Z
7
value 0.00879
scoring_system epss
scoring_elements 0.75345
published_at 2026-04-08T12:55:00Z
8
value 0.00879
scoring_system epss
scoring_elements 0.75355
published_at 2026-04-09T12:55:00Z
9
value 0.00879
scoring_system epss
scoring_elements 0.75375
published_at 2026-04-11T12:55:00Z
10
value 0.00879
scoring_system epss
scoring_elements 0.75354
published_at 2026-04-12T12:55:00Z
11
value 0.00879
scoring_system epss
scoring_elements 0.75342
published_at 2026-04-13T12:55:00Z
12
value 0.00879
scoring_system epss
scoring_elements 0.75383
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000400
2
reference_url https://github.com/kubernetes-incubator/cri-o/pull/1558/files
reference_id
reference_type
scores
url https://github.com/kubernetes-incubator/cri-o/pull/1558/files
3
reference_url http://www.securityfocus.com/bid/104262
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104262
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1578109
reference_id 1578109
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1578109
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000400
reference_id CVE-2018-1000400
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000400
Weaknesses
0
cwe_id 270
name Privilege Context Switching Error
description The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
1
cwe_id 269
name Improper Privilege Management
description The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Exploits
Severity_range_score4.3 - 8.8
Exploitability0.5
Weighted_severity7.9
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-vmqe-m9cy-p7gp